Google has removed as many as 22 apps from its play store which are considered as potentially dangerous apps. The apps included Sparkle Flashlight which is a flashlight app that was downloaded close to a million times after it was available on Play Store a year ago. The 22 apps were collectively downloaded over 2 million times from the Play Store and executed the ad fraud by creating fake ad requests.
According to Sophos the 19 apps which were available since June had a “device-draining backdoor” from the beginning that helped them to download files from a server that was controlled by an attacker, without the knowledge of the user. While the other apps including the Sparkle Flashlight were updated in March 2018 to add the backdoor.
All the 22 malicious apps were removed from Google in the last week of November. Sophos posted in their blog that Andr/Clickr-ad is a well-organized, persistent malware which has the potential to cause serious harm to end users and also the entire Android ecosystem.
These apps which seemingly clicked on fraudulent ads were active even after force-closed. This resulted in draining the phone’s battery and causing data overages. Besides the devices are fully controlled by the C2 server and can potentially install any malicious modules upon the instructions of the server.
Google stated that it takes “deceptive and malicious behavior” on the platform very seriously and that they would take actions against any app that violates it.